1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and apparatus for identifying normal scripts.
2. Description of the Background Art
Scripts, such as JavaScript, are commonly employed to enhance user web browsing experience. Websites deliver scripts along with web pages to add functionality and features. However, scripts can also be used to exploit web browser or plug-in vulnerabilities. Various techniques for combating malicious codes may also be used against malicious scripts. Some malicious scripts employ some form of encryption to make them harder to detect. For example, malicious scripts may use “unescape” or other custom functions to avoid detection. Encrypted malicious scripts may need to be decrypted before they can be evaluated. Malicious scripts in clear text may be detected at the client level by emulation. Regardless, detection of malicious scripts consumes a lot of computing resources, slowing down the computer and rendering of the web page.